增加登录成功监听事件

1年前 · e32a0bddff
--- a/pmapi/src/main/java/com/ningdatech/pmapi/user/controller/AuthorizationEventListener.java
+++ b/pmapi/src/main/java/com/ningdatech/pmapi/user/controller/AuthorizationEventListener.java
@@ -1,5 +1,6 @@
 package com.ningdatech.pmapi.user.controller;
 import cn.hutool.core.date.LocalDateTimeUtil;
 import com.ningdatech.log.model.OptLogDTO;
 import com.ningdatech.log.model.enumeration.LogType;
 import com.ningdatech.log.service.OptLogService;
@@ -16,7 +17,6 @@ import org.springframework.security.core.Authentication;
 import org.springframework.stereotype.Component;
 import java.time.LocalDateTime;
 import java.time.temporal.ChronoUnit;
 /**
 * <p>
@@ -52,10 +52,10 @@ public class AuthorizationEventListener {
        OptLogDTO optLog = new OptLogDTO();
        optLog.setActionMethod(webDetails.getServletPath());
        optLog.setDescription(description);
        optLog.setStartTime(webDetails.getRequestTime());
        optLog.setStartTime(LocalDateTimeUtil.of(event.getTimestamp()));
        optLog.setFinishTime(now);
        optLog.setCreateOn(now);
        long consumingTime = ChronoUnit.MILLIS.between(optLog.getStartTime(), optLog.getFinishTime());
        long consumingTime = System.currentTimeMillis() - event.getTimestamp();
        optLog.setConsumingTime(consumingTime);
        optLog.setHttpMethod(webDetails.getMethod());
        optLog.setUserName(userDetails.getUsername());
--- a/pmapi/src/main/java/com/ningdatech/pmapi/user/security/auth/WebSecurityConfig.java
+++ b/pmapi/src/main/java/com/ningdatech/pmapi/user/security/auth/WebSecurityConfig.java
@@ -8,6 +8,8 @@ import com.ningdatech.pmapi.user.security.auth.agent.AgentAuthSecurityConfig;
 import com.ningdatech.pmapi.user.security.auth.common.CommonAuthSecurityConfig;
 import com.ningdatech.pmapi.user.security.auth.credential.CredentialAuthSecurityConfig;
 import com.ningdatech.pmapi.user.security.auth.handler.DefaultExpiredSessionStrategy;
 import com.ningdatech.pmapi.user.security.auth.handler.DefaultLogoutSuccessHandler;
 import lombok.RequiredArgsConstructor;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpStatus;
@@ -27,29 +29,16 @@ import java.util.Set;
 * @Version 1.0
 */
@Configuration
@RequiredArgsConstructor
 public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    private final AuthProperties authProperties;
    private final CredentialAuthSecurityConfig credentialAuthSecurityConfig;
    private final LogoutSuccessHandler logoutSuccessHandler;
    private final DefaultLogoutSuccessHandler logoutSuccessHandler;
    private final DefaultExpiredSessionStrategy defaultExpiredSessionStrategy;
    private final AgentAuthSecurityConfig agentAuthSecurityConfig;
    private final CommonAuthSecurityConfig commonAuthSecurityConfig;
    public WebSecurityConfig(AuthProperties authProperties,
                             CredentialAuthSecurityConfig credentialAuthSecurityConfig,
                             AgentAuthSecurityConfig agentAuthSecurityConfig,
                             CommonAuthSecurityConfig commonAuthSecurityConfig,
                             @Qualifier(value = "defaultLogoutSuccessHandler") LogoutSuccessHandler logoutSuccessHandler,
                             DefaultExpiredSessionStrategy defaultExpiredSessionStrategy) {
        this.authProperties = authProperties;
        this.credentialAuthSecurityConfig = credentialAuthSecurityConfig;
        this.agentAuthSecurityConfig = agentAuthSecurityConfig;
        this.commonAuthSecurityConfig = commonAuthSecurityConfig;
        this.logoutSuccessHandler = logoutSuccessHandler;
        this.defaultExpiredSessionStrategy = defaultExpiredSessionStrategy;
    }
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        assemblerPreAuthUrls(http);
@@ -59,27 +48,29 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
                .and().apply(agentAuthSecurityConfig)
                .and().apply(commonAuthSecurityConfig)
                .and()
                .authorizeRequests().antMatchers(authProperties.getIgnoreAuthUrlsArray()).permitAll().anyRequest()
                .authorizeRequests()
                .antMatchers(authProperties.getIgnoreAuthUrlsArray())
                .permitAll()
                .anyRequest()
                .authenticated().and()
                // 防止固定会话攻击，Spring security的默认配置就是如此：
                // 登陆成功之后会创建一个新的会话，然后将旧的session信息复制到新的session中（客户端的sessionId变了）
                .sessionManagement().invalidSessionUrl(authProperties.getInvalidSessionUrl()).sessionFixation()
                .sessionManagement()
                .invalidSessionUrl(authProperties.getInvalidSessionUrl())
                .sessionFixation()
                .migrateSession()
                // .invalidSessionStrategy(defaultInvalidSessionStrategy)
                .maximumSessions(10)
                .maxSessionsPreventsLogin(true)
                .expiredSessionStrategy(defaultExpiredSessionStrategy)
                .and().and()
                .logout().logoutUrl(authProperties.getLogoutUrl()).logoutSuccessHandler(logoutSuccessHandler)
                .logout()
                .logoutUrl(authProperties.getLogoutUrl())
                .logoutSuccessHandler(logoutSuccessHandler)
                .deleteCookies(CommonConst.COOKIE_KEY)
                // .and()
                // .cors().configurationSource(corsConfigurationSource())
                .and()
                // .csrf().disable();
                // 开启csrf验证，需要前端同步传入token
                .csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
                .ignoringAntMatchers(authProperties.getIgnoreCsrfUrlsArray());
        // http.anonymous().authenticationFilter(availableUserAuthenticationFilter);
    }
    private AuthenticationEntryPoint authenticationEntryPoint() {
--- a/pmapi/src/main/java/com/ningdatech/pmapi/user/security/auth/agent/AgentAuthFilter.java
+++ b/pmapi/src/main/java/com/ningdatech/pmapi/user/security/auth/agent/AgentAuthFilter.java
@@ -51,7 +51,7 @@ public class AgentAuthFilter extends AbstractAuthenticationProcessingFilter {
        userId = trim(userId);
        try {
            AgentAuthToken authRequest = new AgentAuthToken(userId, userId);
            authRequest.setDetails(new WebRequestDetails(request, LocalDateTime.now()));
            authRequest.setDetails(new WebRequestDetails(request));
            return this.getAuthenticationManager().authenticate(authRequest);
        } catch (AuthenticationException e) {
            throw new BadCredentialsException("用户id 不能为空");
--- a/pmapi/src/main/java/com/ningdatech/pmapi/user/security/auth/common/CommonAuthFilter.java
+++ b/pmapi/src/main/java/com/ningdatech/pmapi/user/security/auth/common/CommonAuthFilter.java
@@ -15,7 +15,6 @@ import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.time.LocalDateTime;
 /**
 * @Author LiuXinXin
@@ -58,7 +57,7 @@ public class CommonAuthFilter extends AbstractAuthenticationProcessingFilter {
        credential = trim(credential);
        try {
            CommonAuthToken authRequest = new CommonAuthToken(platform, credential);
            authRequest.setDetails(new WebRequestDetails(request, LocalDateTime.now()));
            authRequest.setDetails(new WebRequestDetails(request));
            return this.getAuthenticationManager().authenticate(authRequest);
        } catch (AuthenticationException e) {
            throw new BadCredentialsException("用户状态");
--- a/pmapi/src/main/java/com/ningdatech/pmapi/user/security/auth/credential/CredentialAuthFilter.java
+++ b/pmapi/src/main/java/com/ningdatech/pmapi/user/security/auth/credential/CredentialAuthFilter.java
@@ -16,7 +16,6 @@ import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.time.LocalDateTime;
 /**
 * @Author LiuXinXin
@@ -61,7 +60,7 @@ public class CredentialAuthFilter extends AbstractAuthenticationProcessingFilter
        loginType = trim(loginType);
        try {
            CredentialAuthToken authRequest = new CredentialAuthToken(identifier, credential, loginType);
            authRequest.setDetails(new WebRequestDetails(request, LocalDateTime.now()));
            authRequest.setDetails(new WebRequestDetails(request));
            return this.getAuthenticationManager().authenticate(authRequest);
        } catch (CommonLoginException e) {
            throw new CommonLoginException(e.getMessage());
--- a/pmapi/src/main/java/com/ningdatech/pmapi/user/security/auth/model/WebRequestDetails.java
+++ b/pmapi/src/main/java/com/ningdatech/pmapi/user/security/auth/model/WebRequestDetails.java
@@ -49,11 +49,6 @@ public class WebRequestDetails extends WebAuthenticationDetails {
        this.userAgent = StrUtil.sub(request.getHeader("user-agent"), 0, 500);
    }
    public WebRequestDetails(HttpServletRequest request, LocalDateTime requestTime) {
        this(request);
        this.requestTime = requestTime;
    }
    public LocalDateTime getRequestTime() {
        return requestTime;
    }